Abstract | ||
---|---|---|
A Probe/Exploit (hacking) intrusion can be regarded as a series of relevant actions that occur in some sequence. In frequent episodes mining, data is viewed as a sequence of events, where each event has an associated time of occurrence. The mining technique therefore has a significant effect on discovering sophisticated Probe/Exploit intrusion attacks. Prior to deadly attacks on the victim computers, hackers must gather information about the victims and transfer instructions or files to the victims. The proposed method can be used to discover such abnormal episodes from the log files of honeypot systems. The proposed method can be applied to discover known or unknown attack episodes for any network service. In this paper, we focus on discovering attack episodes for the SMB (Server Message Block) protocol, which is the most important one for Microsoft's Windows Network. In the experiment, we successfully mined a sophisticated intrusion episode. The proposed method can easily be modified to protect other network services. |

Year | DOI | Venue |
---|---|---|
2009 | 10.1007/978-3-642-02617-1_31 | ISA |

Keywords | Field | DocType |
---|---|---|
frequent episodes mining, sophisticated probe, sophisticated intrusion episode, attack episode, intrusion attack, unknown attack episode, attack patterns discovery, honeypot systems, mining technique, network service, deadly attack, network security | Server Message Block, Honeypot, Attack patterns, Intrusion, Computer science, Computer security, Network security, Hacker, Exploit | Conference |

Volume | ISSN | Citations |
---|---|---|
5576 | 0302-9743 | 0 |

PageRank | References | Authors |
---|---|---|
0.34 | 6 | 3 |

Name | Order | Citations | PageRank |
---|---|---|---|
Ming-Yang Su | 1 | 362 | 22.26 |
Kai-Chi Chang | 2 | 16 | 2.94 |
Chun-Yuen Lin | 3 | 41 | 3.71 |